Timothy Kaler
New member
Currently passwords are being sent as typed by the user. A better strategy would be to have a two stage login process. First the user enters their username and password and presses "login." Then the user's username is posted to the server, and the server generates a random handshake string. This handshake string is returned to the user, and the server remembers that it assigned this specific handshake string to this user's username. Then the user's password is concatenated with the handshake string, and then a hash function is applied to generate an authentication string. Then this authentication string is posted to the server.
A little convoluted, but its super easy to implement. It doesn't give a site the same security as sending passwords over an encrypted connection, but it is pretty good.
~Tim
A little convoluted, but its super easy to implement. It doesn't give a site the same security as sending passwords over an encrypted connection, but it is pretty good.
~Tim
Upvote
1